BISM7221 Information Systems Governance and Assurance

Purpose This document identifies the requirements for this assessment and a marking rubric to provide guidance in undertaking this assessment. Details: Type: Report Due Date: 2:00pm 7th June 2024 Weight: 50% In Brief: One Business Consulting Report with recommendations to inform the Company's Board and Management regarding IT Governance, Fraud assessment, and assessment of General controls and Operations to improve business performance. Task Description This is an individual assignment. Students will use their understanding from the course of IT governance, fraud detection, and general controls to prepare a Business Consulting Report with recommendations that improve business performance. This report is derived from a case organisation described in the Assignment Specification. The Business Consulting Report will require analytical skills to assess the case organisation's portfolio of IT governance mechanisms, consider the potential for fraud arising from weaknesses in the internal control mechanisms, document any findings of fraud, and how to improve organisational performance through recommendations that strengthen the internal controls environment. The report will document the project rationale and approach, findings, and key recommendations for IT governance, fraud prevention, and the IT general controls environment. The report is a cohesive document that can be communicated to the client. The results are communicated as a Business Consulting Report of 8 to 12 pages in length (excluding appendices). Students are to use SQL data analytic techniques used in tutorials for fraud detection work and use Excel data visualisations to highlight their findings in the report. These visualisations should be to a high standard as they are to be communicated directly to the UQ Business School 26th April 2024 A failure to reference generative AI use may constitute student misconduct under the Student Code of Conduct. To pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI tools. Further information regarding this assessment is provided in the Assessment Guideline. Criteria and Marking The grading rubric allocates marks to six dimensions: • IT Governance assessment and recommendations (10%) • Assessment of Internal Controls and Recommendations (20%) • Fraud assessment, detection, conclusions, and recommendations (20%) • Assessment of Operational Performance and Recommendations (20%), • Design and Performance of SQL Tests (20%), • Presentation and Communication (10%). A full and complete Business Consulting Report (between 8 and 12 pages in length excluding title pages and appendices) is to be submitted. Requirements This assessment task is a full and complete Business Consulting Report, formatted professionally and appropriately. Students shall address this task individually. This Business Consulting Report is to be written by you as an individual consultant that has been asked to use your understanding of IT governance as well as the systems analytical skills and techniques to provide advice to a client identified in the accompanying Assignment Specification. The Assignment Specification is provided on Learn.UQ as a supporting document separate to this Guideline. You are to document the results of your analysis as a business consulting report. The business consulting report is addressed to the audience noted in the Assignment Specification but is to be executed to a high standard as this report will be provided to the Board and Chief Executive Officer. In the Assignment Specification, you are provided with four Guiding Questions. Answering these questions requires that you apply your understanding of IT Governance and IT General Controls to provide IT governance and operational advice, and use the PostgreSQL and Microsoft Excel tools to undertake fraud analysis. UQ Business School 26th April 2024 diagrams, tables, appendices and, where used, references in the reference list) and the reference citation style where relevant. You should document the extent and type of use of artificial intelligence tools to support your writing (e.g. grammar, spelling, sentencing, or phrasing) or in deriving content (e.g. arguments, structure, outline) on the cover page. If artificial intelligence is not used, note this on the cover page. The length of the main body of the report is specified as being no more than 12 pages in length. You should write a consulting report that, in your professional judgment, best addresses the Guiding Questions whilst also aiming for clarity and conciseness. Too short and there may be insufficient detail. Too long, and you may not have summarised the material sufficiently. Use appendices well for reference and supporting material. Figures/diagrams/tables presented in the main body of the report should not exceed one page. There is no limit on the number of pages of appendices. However, in this vein, you should think in terms of a highly paid, busy senior executive spending his or her time reading your report. You would want to get your arguments across forcefully, but not waste the person's time. The senior executive would probably not read the appendices, so the body of your report should be able to stand on its own and match to the expectations of a business consulting report. The senior executive's staff analysts would likely examine your appendices in depth, however, so they must also be executed and presented to a high standard. You may need to use external independent sources in support of the arguments you present in the report, or the tests that you discuss. References when used can be cited using APA 6th, APA 7th, or Vancouver styles (you must note the referencing style on the title page). Other citation styles may be allowed through permission granted by the lecturer. Always remember that the report should conform to the standards of a professional business consulting report. Frequently Asked Questions • Can I use Artificial Intelligence in this report? In this assessment it is noted that this task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance. UQ Business School 26th April 2024 The prompts and the associated AI tool used for deriving content is to be recorded as endnotes1 in each instance. • Are independently researched quality academic sources required, and what are they? No they are not required. You may however choose to cite such sources in support of your answers to guiding questions. • Can we cite non-academic ‘industry’ sources? Yes you can, although they are not required. You may however choose to cite such sources in support of your answers to guiding questions, and this might support your evaluations and recommendations. • How long does the report need to be? The specification sheet says that the main body of the report (excluding title page, executive summary, and appendices) should be no more than 12 pages in length in Times Roman/Arial 10-point font or equivalent. You will need to keep in mind the need for a professionally presented report. The main part of the report should be sufficient for the busy executive to understand the core answers addressing the guiding questions. Detailed material and reports (query files, long reports, etc.) should be placed in the appendices. In writing your report, consider the busy executive who is reading the report, and aim for efficiency and ease of communication rather than for density and exhaustive analysis in the main report. Each student’s response will vary, not least due to the selected format and approach. Although no minimum length is specified, it is likely though that the main report will be somewhere in the range of between 8 to 12 pages in length. Given the usual rule of thumb of approximately 10% leeway – the report should NOT be more than 14 pages in length. Appendices and detailed analysis can (and should) be included in appendices to support your overall analysis. You should include some detail in the main body of your report and provide greater detail in the appendices. • How professional is professional? What does that even mean? It means that in every way the report is true to what you would expect a professional to UQ Business School 26th April 2024 • Do not allow your report to become waffly, vague, and wordy. Explicitly identify recommendations made (for example, "It is recommended that [insert recommendation]."). You should structure your report to match the requirements of the case. • What goes on the cover page again? On the cover/title page note the essay title, your student number, name, the course code and course title, the date, the word count (excluding Cover Page, Abstract, Figures/Diagrams/Tables, Appendices and References) and the reference citation style. You should document the extent and type of use of artificial intelligence tools to support your writing (e.g. grammar, spelling, sentencing, or phrasing) or in deriving content (e.g. arguments, structure, outline) on the cover page. If artificial intelligence is not used, note this on the cover page. Assessment The criterion-based marking rubric below applies the Criteria and Marking noted above. Part marks are rounded up to the nearest half mark. Assignment Submission There will be electronic submission of assignments through TurnItIn in the course website (Learn.UQ) under Assessment. The drop-box will remain open to allow for late submission. Your document must be submitted in either Microsoft Word document format or PDF format. You must name your document with your last name followed by your initial(s) (e.g., Smith_A.doc). All students will receive an electronic copy of their marked assignment through Learn.UQ. When you submit your assignment to the drop−box, this act will certify that you have acknowledged and understand the Plagiarism Statute of the University of Queensland. As a safeguard, you may wish to submit your assignment to the lecturer by electronic email at the same time as submitting via Blackboard (). Please discuss any problems that may lead to late submission with your lecturer at the earliest possible opportunity. Items (for which no extension has been granted) submitted after the due date and time, incur a late submission penalty. The penalty is at the rate of 10% of the total available marks for that piece of assessment, for each calendar day or part thereof that the item is overdue. BISM7221 – MARKING RUBRIC: BUSINESS CONSULTING REPORT (IS RECOMMENDATIONS) BISM7221 Information Systems Governance, and Assurance Business Consulting Report (IS Recommendations) Assessment Guideline (Semester 1 2024) 6 Assessed out of 100 points and scaled back to 50 marks. Part marks are rounded up to the nearest half mark. Below Expectations < 50% Meets Expectations 50% - 65% Good 65% to 75% Very Good 75% to 85% Outstanding 85% to 100% IT governance assessment and recommendations (10 points) No IT Governance mechanisms from the 'Engagement Model' are considered in the analysis. Some IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. Most Key IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. Key IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. All IT Governance mechanisms from the 'Engagement Model' from the case are considered in the analysis. No evaluation considering current issues and future directions is provided. An evaluation considering some issues and future needs is provided. A thorough evaluation considering issues and future needs is provided. A thorough evaluation is provided that considers key issues and future needs whilst also linking the evaluation to the recommendations made. A clear and professional evaluation is provided that considers key issues and future needs whilst also linking the evaluation to the recommendations made. Fewer than two recommendations are provided to improve IT Governance. Two or more recommendations are provided to improve IT Governance. Two or more recommendations are provided to improve IT Governance & the recommendations are supported by the evaluation. Two or more recommendations are provided to improve IT Governance & explicitly address the evaluation. Two or more highly relevant recommendations are provided to improve the IT Governance & explicitly address the evaluation. Assessment of Internal Controls and Recommendations (20 points) No physical controls are identified. Some physical controls are identified and evaluated. Most physical controls are identified and evaluated. Key physical controls are selected according to criteria, identified and evaluated. Key physical controls are selected according to criteria, identified and thoroughly evaluated. No general controls are identified. Some general controls are identified and evaluated. Most general controls are identified and evaluated. Key general controls are selected according to criteria, identified and evaluated. Key general controls are selected according to criteria, identified and thoroughly evaluated. No evaluation of the internal controls system as a whole is provided. An evaluation of the internal controls system as a whole is provided. An evaluation of the internal controls system as a whole is provided, and the evaluation is structured and considered in its approach. An evaluation of the internal controls system as a whole is provided, and the evaluation is structured and complete in its approach. An evaluation of the internal controls system as a whole is provided, and the evaluation is insightful, structured and complete in its approach. Fewer than three recommendations, are provided to improve internal controls. Three or more recommendations are provided to improve internal controls. Three or more recommendations are provided to improve internal controls and the recommendations address the weakness(es). Three or more recommendations are provided to improve internal controls and the link between control weaknesses & the recommendation is explicit. Three or more highly relevant recommendations are provided to improve internal controls and the link between control weaknesses & the recommendation is explicit